In the field of network management, various approaches are known for the remote monitoring and management of customer networks. That is, the network management system (and its associated tools) is located remotely from the managed customer network and devices. The advantage of this approach is that a third-party service provider is able to leverage management assets across multiple customer networks.
A typical approach to securing known network management systems is to deploy a bastion host in the support infrastructure. As the name suggests, the bastion host is relatively secure. Typically, the bastion host connects to the managed customer network via a Virtual Private Network (VPN) or similar link.
There are many disadvantages associated with the use of the bastion host and VPN link, however. For example, the bastion host provides a single point of vulnerability to attack: if a hacker defeats the security of the bastion host, the hacker may have direct access to one or more customer networks and their devices. In addition, known bastion hosts provide limited transactional audit capability, making breaches of security more difficult to detect and remedy. Moreover, the VPN links between the bastion host and the managed network typically consume relatively high bandwidth. As a result, either network management functions operate very slowly, or costly high-bandwidth links between the bastion host and the managed network are required.
What is needed is an improved system and method for remote network management that reduces security risks, provides improved audit and accountability controls for network management transactions, and decreases the bandwidth that is required between a network management system and the managed customer network.